NYCC pushed promotions to attendees' social accounts... without permission.

New York Comic Con (NYCC) received many complaints Thursday and into Friday as attendees discovered that the event organizers had been tweeting from attendees’ accounts without their permission, according to Mashable. NYCC has since claimed that the process was opt-in, but its approach was perhaps a bit overeager.

NYCC stirred a bit of controversy going into its event by exclusively using RFID (radio-frequency ID) badges, which organizers said would smooth entrance to the conference and help crack down on fake badges. During the registration process, attendees had the opportunity to connect their social media accounts, including Facebook and Twitter, to their badges.

Apparently registration and use of those badges included an opt-in to allow NYCC to tweet from attendees’ accounts. Numerous requests by Ars via phone and e-mail to the organizers to obtain copies of either the opt-in dialogue or terms and conditions have not been returned, but the phrasing was apparently subtle or unclear enough that many attendees were shocked, annoyed, or disturbed to see the Con pushing posts to their accounts without their involvement.

The posts took the shape of a generic endorsement for the event—“I <3 NYCC!” was a common one—followed by a link to NYCC’s Facebook page. Third-party services often ask for permission to “tweet on a user’s behalf,” but that is generally taken to mean the service can forward a tweet either composed by the user or pre-composed by the service and reviewed by the user, not send a tweet without the user’s oversight or permission.

NYCC responded on its Twitter account, telling users, “do not fret if #NYCC-ID tweeted as you yesterday!” A representative passed Mashable a statement of intent and a non-apology: organizers have “since shut down this service completely and apologize for any perceived overstep.”

Promoted Comments

Did they ask for the password or not? That is the crux of the issue for me and none of the reports I read have said so one way or the other.

If they asked for the password, this conduct is merely poopyheaded. If they didn't, and found a way to twittertweet or whatever without consent, I would be royally pissed.

They wouldn't need the user's actual password. When you connect Twitter to a service on the Web, you go through Twitter's login page and authorize the third-party service to connect. The service can then tweet for you (usually with your permission).

At some point though the user pressed a button that said 'Okay, I'll allow it!' correct?

I think the controversy is that they didn't explicitly say that they would tweet on one's behalf. Also, the tweets are designed to look like everyday speech, so unlike a game status update and whatnot, these tweets appear like they could plausibly come from the account holder.